
Black Hat | Black Hat Asia 2014: First Three Briefings Selected

Welcome to 2014! Today we're focusing on the first trio of Briefings selected for Black Hat Asia 2014. From hacking cars to the ins and outs of surveying the entire Internet, we've got an incredible amount of fascinating insider knowledge to share.

You might have caught Alberto Garcia Illera and Javier Vazquez Vidal's Black Hat USA 2013 Arsenal presentation, "Dude, WTF in My Car!," where they thoroughly dissected automobile ECUs (engine control units) and released a powerful tool to exploit them. Join the duo again for Dude, WTF in My CAN!, where their focus shifts to the CAN (controller area network) bus at the heart of many modern vehicles. They'll show you how to build a device for only $20 that can pwn the CAN bus and allow an attacker to control it remotely. Also on the agenda: the current state of car forensics and how such data can be extracted and used in legal cases.

When flaws and exploits emerge in Microsoft products and the security hits the fan, the company has a history of issuing so-called "Fix It" patches that attempt to take care of the immediate threat. The In-Memory Fix It is one recently documented variation on the concept. In Persist It: Using and Abusing Microsoft's Fix It Patches, Jon Erickson will share his research on these in-memory patches. Through reverse engineering, he's gained the ability to create new patches, which can maintain persistence on a host system. Microsoft's Fix Its may need a fix themselves.

Between the Critical.IO and Internet Census 2012 scanning projects, there have been great strides made over the last year or two in Internet survey cost and practicality. While some of the results have been dismaying -- i.e. misconfigured hardware across the Internet leaves it vulnerable to attack -- the datasets generated by this massive-scale research provide rare evidence on risks and vulnerability exposure, and show where further security research is needed most. Come to Scan All the Things - Project Sonar with Mark Schloesser to learn how these surveys were conducted, as well as the eye-opening results they've generated so far.